<?php
/**
 * Created by PhpStorm.
 * User: Administrator
 * Date: 2017/5/18 0018
 * Time: 下午 16:03
 */

namespace Apps\Common\Plugin;


use Phalcon\Acl;
use Phalcon\Acl\Adapter\Memory;
use Phalcon\Events\Event;
use Phalcon\Mvc\Dispatcher;
use Phalcon\Mvc\User\Plugin;
use PhalconPlus\Operator\Identity;

class BackendSecurityPlugin extends Plugin
{

    public function beforeDispatch(Event $event, Dispatcher $dispatcher)
    {
        $operator = new Identity();
        if($operator->isLogin()) {
            $authId = $operator->role;
            $manageRoles = $this->di->get("moduleConfig")->manageRoles->toArray();
            $auth = $manageRoles[$authId]['aclKey'];
        }else{
            $auth = "guest";
        }
        $controllerName = $dispatcher->getControllerName();
        $actionName = $dispatcher->getActionName();
        $acl = $this->getAcl();
        if(!$acl->isResource($controllerName)) {
            $dispatcher->forward([
                'namespace' => 'Apps\Manage\Controllers',
                'controller' => 'index',
                'action'     => 'show404'
            ]);
            return false;
        }
        $allowed = $acl->isAllowed($auth, $controllerName, $actionName);

        if (!$allowed) {
            $dispatcher->forward(array(
                'namespace' => 'Apps\Manage\Controllers',
                'controller' => 'sys',
                'action'     => 'login'
            ));
            return false;
        }
    }

    /**
     * @return Memory
     */
    public function getAcl()
    {
        //if (!isset($this->persistent->acl)) {
            $acl = new Memory();
            $acl->setDefaultAction(Acl::DENY);
            $moduleConfig = $this->di->get('moduleConfig')->toArray();
            $roles = $moduleConfig['manageRoles'];
            $roles[0] = [
                'name'=>'',
                'aclKey'=>'guest'
            ];
            foreach ($roles as $key => $role) {
                $acl->addRole(new Acl\Role($role['aclKey']));
            }
            $privateResources = $moduleConfig['privateResources'];
            $publicResources = $moduleConfig['publicResources'];
            foreach ($roles as $role) {
                foreach ($publicResources as $resource => $actions) {
                    $acl->addResource(new Acl\Resource($resource), $actions);
                    foreach ($actions as $action) {
                        $acl->allow($role['aclKey'], $resource, $action);
                    }
                }
            }
            foreach ($roles as $role) {
                if(isset($privateResources[$role['aclKey']])){
                    foreach ($privateResources[$role['aclKey']] as $resource => $actions) {
                        $acl->addResource(new Acl\Resource($resource), $actions);
                        foreach ($actions as $action) {
                            $acl->allow($role['aclKey'], $resource, $action);
                        }
                    }
                }
            }
            $this->persistent->acl = $acl;
        //}
        return $this->persistent->acl;
    }



}